Provided is a system for inspecting and optimizing containerized software applications. A container image may include a plurality of files and layers, and some of such files and layers may not be used during the execution of the container image. A system described herein can identify and remove such unused files and/or layers from the container image by launching an inspector task configured to launch the container image, monitor access to the files in the container image, identify which files are unused, and remove the unused files from the container image (or generate a new container image not including the unused files). By doing so, the system can reduce the size of the container image, which can reduce the storage costs, startup latency, and security vulnerabilities associated with the container image.
Legal claims defining the scope of protection, as filed with the USPTO.
2. The cloud provider system of claim 1, wherein the container service is further configured to output a second container image that contains a new container image layer that is different from each of the plurality of container image layers of the first container image, wherein the second container image does not contain the subset of unused files in the first container image.
6. The computer-implemented method of claim 5, further comprising executing the second container image and determining that a result of the execution of the second container image matches that of the execution of the first container image.
7. The computer-implemented method of claim 5, further comprising outputting a second container image that contains the subset of remaining files but not the at least one unused file.
9. The computer-implemented method of claim 8, wherein the association between the first file and the second file is provided in a mapping table mapping each original file included in the mapping table to a replacement file that is usable to replace the original file in a container image to improve execution performance of the container image.
11. The computer-implemented method of claim 5, wherein a size of the first container image is greater than a size of the second container image.
12. The computer-implemented method of claim 5, wherein the inspector container image is executed on one of a virtual machine instance, a bare-metal instance, a physical machine, a container, a node, an offload card, an IoT device, or on-premises compute capacity.
14. The non-transitory computer-readable medium of claim 13, storing further instructions that, when executed by the computing system, cause the computing system to perform operations comprising executing the second container image and determining that a result of the execution of the second container image matches that of the execution of the first container image.
15. The non-transitory computer-readable medium of claim 13, storing further instructions that, when executed by the computing system, cause the computing system to perform operations comprising outputting a second container image that contains the subset of remaining files but not the at least one unused file.
17. The non-transitory computer-readable medium of claim 16, wherein the association between the first file and the second file is provided in a mapping table mapping each original file included in the mapping table to a replacement file that is usable to replace the original file in a container image to improve execution performance of the container image.
19. The non-transitory computer-readable medium of claim 13, wherein a size of the first container image is greater than a size of the second container image.
20. The non-transitory computer-readable medium of claim 13, wherein the inspector container image is executed on one of a virtual machine instance, a bare-metal instance, a physical machine, a container, a node, an offload card, an IoT device, or on-premises compute capacity.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
June 30, 2021
February 6, 2024
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.